The host is installed with Cacti version before 1.1.16 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the issue in spikekill.php component. Successful exploitation allows remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.